Stuxnet Worm: Nine Facts Every IT Security Pro Should Know

by Brian Prince

Even before Belarus-based security firm VirusBlokAda reported Stuxnet's existence in July, the malicious worm had grabbed the attention of many in the security community because of its target- industrial control systems- and its complexity. In September, Iran admitted its first nuclear power plant had been hit with Stuxnet. Though the worm didn't do any damage, its presence highlighted the malware's potential. As it turns out, Iran was actually the site of many of the initial infections of Stuxnet as it spread throughout the globe. That may not have been coincidence, as some have openly speculated the worm was the work of Israel or the United States, though no solid evidence has been revealed to support those claims. Still, between the zero-days, stolen digital certificates and other functionality, many security researchers are ranking Stuxnet as one of the most sophisticated malware attacks they have seen. Here, eWEEK takes you step by step into the world of Stuxnet- what it does, how it does it and what you may not know about the worm.